/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.google.code.motoo.ssl;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.google.code.motoo.core.IoSession;

/**
 * SSLHandler的工厂类，可在工厂类里配置SSLEngine的属性
 * @author linfengqi
 * @version 1.0  May 11, 2009
 */
public class SSLHandlerFactory {
	private final boolean clientMode;
	private final SSLContext sslContext;
	private boolean wantClientAuth;
	private boolean needClientAuth;
	public final static Log log = LogFactory.getLog(SSLHandlerFactory.class);
	
	private static final String KEY_MANAGER_FACTORY_ALGORITHM;

    static {
        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (algorithm == null) {
            algorithm = KeyManagerFactory.getDefaultAlgorithm();
        }

        KEY_MANAGER_FACTORY_ALGORITHM = algorithm;
    }

	public static SSLContext createSSLContext(String keystore, String password) throws Exception {
		// Create/initialize the SSLContext with key material
		char[] passphrase = password.toCharArray();
		// First initialize the key and trust material.
		/*KeyStore ks = KeyStore.getInstance("JKS");
		ks.load(new FileInputStream(keystore), passphrase);
		SSLContext sslContext = SSLContext.getInstance("TLS");

		if (clientMode) {
			// TrustManager's decide whether to allow connections.
			TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
			tmf.init(ks);
			sslContext.init(null, tmf.getTrustManagers(), null);

		} else {
			// KeyManager's decide which key material to use.
			KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
			kmf.init(ks, passphrase);
			sslContext.init(kmf.getKeyManagers(), null, null);
		}*/
		
		
		
		KeyStore ks = KeyStore.getInstance("JKS");
		KeyStore ts = KeyStore.getInstance("JKS");

		ks.load(new FileInputStream(keystore), passphrase);
		ts.load(new FileInputStream(keystore), passphrase);

		KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
		kmf.init(ks, passphrase);

		TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
		tmf.init(ts);

		SSLContext sslContext = SSLContext.getInstance("TLS");
		sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
		return sslContext;
	}

	public SSLHandlerFactory(boolean clientMode, String keystore, String password) throws Exception {
		this.clientMode = clientMode;
		sslContext = createSSLContext(keystore, password);
	}

	public SSLHandler createSSLHandler(IoSession session) throws Exception {
		SSLEngine engine = sslContext.createSSLEngine();
		engine.setUseClientMode(clientMode);
		engine.setWantClientAuth(wantClientAuth);
		engine.setNeedClientAuth(needClientAuth);
		return new SSLHandler(engine, session);
	}

	public SSLContext getSslContext() {
		return sslContext;
	}

	public void setWantClientAuth(boolean wantClientAuth) {
		this.wantClientAuth = wantClientAuth;
	}

	public void setNeedClientAuth(boolean needClientAuth) {
		this.needClientAuth = needClientAuth;
	}
}
